Clarification on email notifications

The certbot man page says:

```
Specifying this flag enables registering an account
with no email address. This is strongly discouraged,
because in the event of key loss or account compromise
you will irrevocably lose access to your account. You
will also be unable to receive notice about impending
expiration or revocation of your certificates. Updates
to the Subscriber Agreement will still affect you, and
will be effective 14 days after posting an update to
the web site. (default: False)
```

Specifically, this part:
**You will also be unable to receive notice about impending expiration or revocation of your certificates.**

I've seen expiration emails for my domains, but never a revocation notice.  I've used the "certbot revoke" subcommand to successfully revoke certificates both within and outside of the staging environment.

Could someone clarify what the man page means here?  Is an email notification ever sent to the account holder on a manual revocation, or is this text referring to something else?

I think it would be great to add an FAQ entry that fully enumerates all of the circumstances in which the service will send email notifications.  The only explanation I see on the letsencrypt.org website is in reference to the expiration emails:

"We send the first notice at 20 days before your certificate expires, and more notices at 10 days and 1 day before it expires."

Thanks!

Hi @aarcamp,

In this case revocation notices refers to involuntary revocations, like if the certificate authority learns that a private key has been compromised, or is required by a root program to revoke a certificate without a request by the subscriber. It doesn’t refer to revocations that you initiate yourself (although maybe it should, because it may be hard for the CA to know that it’s “you” in cases where the revocation is performed using the certificate’s subject key).
